US20090265546A1 - Information processing device, electronic certificate issuing method, and computer-readable storage medium - Google Patents
- Publication number
- US20090265546A1 (US12/423,057)
- Authority
- US
- United States
- Prior art keywords
- identification information
- information
- computer
- processing device
- correspondence
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Definitions
- the present invention generally relates to information processing devices, electronic certificate issuing methods and storage media, and more particularly to an information processing device, an electronic certificate issuing method and a computer-readable storage medium which issue an electronic certificate.
- the remote monitoring system which enables a manufacturer or a maintenance service provider to remotely monitor via the Internet an image forming apparatus, such as a copying machine, a printer and a Multi-Function Peripheral (MFP), that is set up in an office, for example.
- the remote monitoring system includes an equipment information collecting apparatus which is provided on the user end and collects equipment information from the image forming apparatus, and a server apparatus which is provided on the manufacturer end or the maintenance service provider end.
- the equipment information collecting apparatus transfers the equipment information to the server apparatus via the Internet.
- the image forming apparatus transfers the equipment information directly to the server apparatus.
- the equipment information may be used for accounting, and may include user's personal information or secret information. For this reason, there is a demand to transfer the equipment information by a secure communication.
- the equipment information is transferred between a client apparatus (that is, the equipment information collecting apparatus or the image forming apparatus) and the server apparatus by a communication employing mutual authentication and enciphering in a Secure Socket Layer (SSL).
- the client apparatus and the server apparatus must each have a secret key.
- the secret key must not be leaked to a third party in order to maintain security of the remote monitoring system.
- the secret key must be usable only by those client apparatuses authorized by the manufacturer or the maintenance service provider.
- the public key certificate and the secret key which are unique to the client apparatus, are basically embedded into each client apparatus when the client apparatuses are forwarded from the factory.
- an embedded equipment (or device) which is embedded with the unique public key certificate and secret key, and not a general purpose computer such as a Personal Computer (PC), is used for the image forming apparatus or the equipment information collecting apparatus forming the client apparatus.
- the flexibility of the remote monitoring system will be reduced by limiting the client apparatus to the embedded equipment (or device). For this reason, it is desirable to realize the functions of the client apparatus (equipment information collecting apparatus) by software that is installable into a general purpose computer such as the PC.
- When the software described above is distributed in the form of a package via the Internet or a recording medium such as a CD-ROM, the package is created by copying the software. Hence, it is difficult to safely introduce the secret key and the like that are unique to each package, with respect to the PC to which the software is installed.
- the server apparatus which uses the software may be subject to an attack from the third party who acquired the package.
- Another and more specific object of the present invention is to provide, among other things, an information processing device, an electronic certificate issuing method and a computer-readable storage medium, which can appropriately allocate a unique electronic certificate with respect to a program which is copied and distributed.
- an information processing device comprising a storage device configured to store a predetermined program which causes a computer to communicate using a secret key and a public key; an acquiring unit configured to acquire first identification information of the computer to which the information processing device is coupled; a recording unit configured to record correspondence information indicating a correspondence between a product key of the predetermined program and the first identification information, and second identification information with respect to the correspondence information, in the storage device, if a license authentication with respect to the product key based on the first identification information is successful; and a certificate generating unit configured to generate an individual certificate package including a unique secret key and public key for each second identification information, and to record the individual certificate package in the storage device in correspondence with each second identification information.
- an electronic certificate issuing method executed by an information processing device, comprising an acquiring procedure acquiring first identification information of a computer to which the information processing device is coupled; a recording procedure recording correspondence information indicating a correspondence between a product key of a predetermined program which causes the computer to communicate using a secret key and a public key and the first identification information, and second identification information with respect to the correspondence information, in the information processing device, if a license authentication with respect to the product key based on the first identification information is successful; and a certificate generating procedure generating an individual certificate package including a unique secret key and public key for each second identification information, and recording the individual certificate package in the information processing device in correspondence with each second identification information.
- a computer-readable storage medium which stores a program which, when executed by a computer, causes the computer to perform a process of an information processing device, comprising an acquiring procedure acquiring first identification information of a computer to which the information processing device is coupled; a recording procedure recording correspondence information indicating a correspondence between a product key of a predetermined program which causes the computer to communicate using a secret key and a public key and the first identification information, and second identification information with respect to the correspondence information, in the information processing device, if a license authentication with respect to the product key based on the first identification information is successful; and a certificate generating procedure generating an individual certificate package including a unique secret key and public key for each second identification information, and recording the individual certificate package in the information processing device in correspondence with each second identification information.
- FIG. 1 is a diagram showing an example of an equipment monitoring system in one embodiment of the present invention
- FIG. 2 is a diagram showing a hardware structure of a Personal Computer (PC) in one embodiment of the present invention
- FIG. 3 is a diagram showing an example of a functional structure of the PC in a first embodiment of the present invention
- FIG. 4 is a diagram for explaining an individual certificate package issuing process in the first embodiment
- FIG. 5 is a diagram showing an example of a structure of an activation management table
- FIG. 6 is a diagram showing an example of a structure of an individual certificate package
- FIG. 7 is a diagram showing an example of a structure of a certificate issuance log list
- FIG. 8 is a sequence diagram for explaining an authentication process by SSL using the individual certificate package
- FIG. 9 is a diagram for explaining a first processing procedure for a case where the same license is applied to a different PC
- FIG. 10 is a diagram for explaining a second processing procedure for a case where the same license is applied to a different PC
- FIG. 11 is a diagram for explaining the individual certificate package issuing process in a second embodiment
- FIG. 12 is a diagram showing an example of a structure within a Universal Serial Bus (USB) token in a third embodiment
- FIG. 13 is a diagram showing an example of a functional structure of the PC in a third embodiment
- FIG. 14 is a diagram for explaining the individual certificate package issuing process in the third embodiment.
- FIG. 15 is a diagram for explaining a processing result reflecting process for a USB token.
- FIG. 1 is a diagram showing an example of an equipment monitoring system in one embodiment of the present invention.
- an equipment monitoring system 1 includes one or more PCs 10 , one or more equipments 20 , a center server 40 , an activation server 50 , and a Certificate Authority (CA) 60 .
- the PCs 10 and the equipments 20 are connected via a cable or wireless network 30 , such as a Local Area Network (LAN).
- the PCs 10 , the center server 40 , the activation server 50 and the CA 60 are connected via a network 70 , such as the Internet.
- Each PC 10 and each equipment 20 are set up at a user site in an office or the like.
- the user site is where the equipments 20 are set up.
- the equipment 20 is the monitoring target in the equipment monitoring system 1 , and is formed by a copying machine, a printer, a facsimile machine, a Multi-Function Peripheral (MFP) or the like.
- the PC 10 collects equipment information related to the monitoring target from each equipment 20 , and transfers the collected equipment information to the center server 40 by an enciphered (or encrypted) communication via mutual authentication.
- the equipment information indicates various counter values, operating states and the like. For example, a communication employing the Secure Socket Layer (SSL) is used for the enciphered communication via mutual authentication.
- the function of collecting the equipment information and transferring the collected equipment information to the center server 40 is realized by an equipment information notifying program which is executed in the PC 10 .
- the center server 40 belongs to a monitoring site of the equipments 20 , such as a manufacturer of the equipments 20 and the maintenance service provider (or operator).
- the center server 40 is formed by a computer which provides an equipment monitoring service such as receiving the equipment information from the PC 10 and storing the received equipment information, during a normal operation of the equipment monitoring system 1 .
- the center server 40 intervenes between the PC 10 and the CA 60 during a process which is performed to secure security, such as communicating from the PC 10 to the center server 40 , prior to starting the operation of monitoring of the equipments 20 .
- the center server 40 requests the CA 60 to issue data (hereinafter referred to as an individual certificate package) including a secret key, a public key certificate and the like which are unique to each PC 10 , in response to a request from the PC 10 , and returns the individual certificate package issued from the CA 60 to the PC 10 which made the request.
- the individual certificate package (secret key, public key certificate, etc.) is used for the mutual authentication and enciphered communication between PC 10 and the center server 40 when the PC transfers the equipment information to the center server 40 .
- the individual certificate package is formed by an electronic certificate package in conformance with the Public Key Cryptography Standards (PKCS).
- the activation server 50 performs an activation (or activation process) related to the equipment information notifying program.
- the “activation” refers to the process of confirming whether a target possesses the legitimate license, that is, the license authentication.
- the CA 60 is the so-called authenticator (or authenticating body) which is formed by one or more computers and issues the individual certificate package and the like.
- the CA 60 maintains uniqueness of the individual certificate package and prevents issuance of the individual certificate package with respect to the client (PC 10 ) who does not possess the license, by linking with the activation server 50 .
- FIG. 2 is a diagram showing a hardware structure of a Personal Computer (PC) in one embodiment of the present invention.
- the PC 10 shown in FIG. 2 includes a Hard Disk Drive (HDD) 102 , a memory device 103 , a CPU 104 , an interface device 105 , a display device 106 , and an input device 107 which are connected via a bus B.
- the equipment information notifying program which realizes the process of the PC 10 is downloaded via the network 30 or the networks 70 and 30 , for example, and is installed in the HDD 102 .
- In addition to the equipment information notifying program installed therein, the HDD 102 also stores necessary files, data and the like.
- the memory device 103 stores the equipment information notifying program that is read from the HDD 102 when a start instruction is issued to start the equipment information notifying program.
- the CPU 104 realizes the functions of the PC 10 according to the equipment information notifying program stored in the memory device 103 .
- the interface device 105 provides an interface for connecting the PC 10 to the network 30 .
- the display device 106 displays a Graphical User Interface (GUI) or the like by the equipment information notifying program.
- the input device 107 is formed by a keyboard, a mouse and the like, and is used to input various operation instructions.
- the installing of the equipment information notifying program does not necessarily have to be made via the network 30 , and may be made via a recording medium such as a CD-ROM and a SD-Card.
- Each of the center server 40 , the activation server 50 and the CA 60 may have a hardware structure similar to the hardware structure of the PC 10 shown in FIG. 2 . However, in the case of the center server 40 , the activation server 50 and the CA 60 , it is not essential to provide or connect the display device 106 and the input device 107 .
- FIG. 3 is a diagram showing an example of a functional structure of the PC in a first embodiment of the present invention.
- an equipment information notifying program 11 operates (or runs) on an Operating System (OS) 12 , and causes the PC 10 to function as a User Interface (UI) part 112 , an activation request part 113 , an individual certificate request part 114 , an equipment information collecting part 115 , and an equipment information transfer part 116 .
- the UI part 112 displays the GUI on the display device 106 , and performs processes such as detecting a user request and providing information to the user.
- the activation request part 113 makes an activation request for the equipment information notifying program 11 , with respect to the activation server 50 .
- the individual certificate request part 114 requests issuance of the individual certificate package with respect to the center server 40 depending on the activation result.
- the equipment information collecting part 115 collects the equipment information from the equipments 20 that are connected to the network 30 .
- the equipment information transfer part 116 transfers the collected equipment information to the center server 40 . When transferring the collected equipment information, the equipment information transfer part 116 performs the mutual authentication and enciphered communication using the individual certificate package.
- Identification information which enables the PC 10 to communicate with the center server 40 , the activation server 50 and the CA 60 such as the Internet Protocol (IP) address, a host name, and a Uniform Resource Locator (URL), is stored in the HDD 102 at a location that is recognizable by the equipment information notifying program 11 .
- FIG. 4 is a diagram for explaining an individual certificate package issuing process in the first embodiment.
- the process in each apparatus of the equipment monitoring system 1 is performed by the control of the program which is installed in each apparatus and executed.
- a license issuing source of the equipment information notifying program 11 issues a product key (or license key) corresponding to the license.
- a user of the PC 10 receives the product key issued from the license issuing source.
- the product key is issued when the license is purchased.
- the method of purchasing the license and the method of issuing the product key are not limited to particular methods, and the purchasing of the license and the issuing of the product key may be made via the Internet or via a recording medium, including paper.
- the product key is unique to each license.
- the activation request part 113 sends an activation request (request to use) for the equipment information notifying program 11 with respect to the activation server 50 , in a step S 102 .
- the activation request includes the product key and hardware information of the PC 10 .
- the hardware information is any information which physically and uniquely identifies the PC 10 , such as a Media Access Control (MAC) address of the PC 10 , a serial number of the CPU 104 , and a serial number of the memory device 103 .
- the activation request part 113 acquires the hardware information from the PC 10 .
- the UI part 112 stores the input product key at a predetermined location in the HDD 102 .
- the activation server 50 performs an activation process (or license authentication) based on an activation management table when the product key and the hardware information are received from the PC 10 , in a step S 103 .
- FIG. 5 is a diagram showing an example of a structure of the activation management table.
- An activation management table 51 shown in FIG. 5 manages the serial number and an invalid flag with respect to each pair of activated (license authenticated) product key and hardware information.
- the activation management table 51 is stored in a storage device of the activation server 50 .
- the activation server 50 authenticates the license by judging whether or not the received product key is already registered in the activation management table 51 in correspondence with another hardware information (that is, whether or not the equipment information notifying program 11 is being used by another PC 10 based on the same product key information).
- the activation server 50 authenticates the license by judging whether or not different hardware information amounting to the number of licenses (hereinafter referred to as a license number) with respect to the received product key is already registered in the activation management table 51 in correspondence with the received product key.
- Information specifying the license number may be included in a product identifier (ID) or, may be inquired to the computer at the license issuing source based on the product ID.
- the activation server 50 authenticates the license with respect to the received product key and hardware information (that is, judges that the license is legitimate), and registers the received product key and hardware information in the activation management table 51 in correspondence with each other.
- the activation server 50 generates a serial number, that is, identification information, which is unique to the pair of received product key and hardware information, and registers the serial number in the activation management table 51 in correspondence with the pair.
- the activation server 50 sends (or issues) the serial number with respect to the PC 10 , in a step S 104 . If the license authentication fails (or the activation amounting to the license number has already been made), the activation server 50 sends to the PC 10 information indicating that the activation failed. Hence, the serial number is issued only when the activation is successful.
- the individual certificate request part 114 of the PC 10 generates an identification identifier (ID) by performing a reversible conversion (or reversible transformation) with respect to the combination of a model identifier (ID) and a serial number, in a step S 105 .
- the model ID is an identifier (ID) assigned to the equipment information notifying program 11 . In other words, the model ID takes a common value with respect to all equipment information notifying programs 11 which are distributed.
- the individual certificate request part 114 requests issuance of the individual certificate package by sending the identification ID to the center server 40 , in a step S 106 .
- the center server 40 transfers the received identification ID and the issuance request for the individual certificate package to the CA 60 , in a step S 107 .
- the CA 60 extracts the serial number from the received identification ID in a step S 108 , and sends the serial number to the activation server 50 in order to inquire whether or not the serial number is a legitimately issued serial number, in a step S 109 .
- the activation server 50 judges whether or not the serial number is a legitimately issued serial number based on the activation management table 51 , in a step S 110 . If the serial number is registered in the activation management table 51 , the activation server 50 judges that the serial number is a legitimately issued serial number.
- the activation server 50 judges that the serial number is not a legitimately issued serial number if the serial number is not registered in the activation management table 51 .
- the activation server 50 returns a judgement result to the CA 60 , in a step S 111 .
- If the serial number is a legitimately issued serial number, the CA 60 generates a unique individual certificate package with respect to the identification ID, that is, with respect to the equipment information notifying program 11 of the PC 10 , and returns the generated individual certificate package to the center server 40 , in a step S 112 .
- FIG. 6 is a diagram showing an example of a structure of the individual certificate package.
- an individual certificate package 117 includes a client public key certificate 1171 , an authenticator public key certificate 1172 , a client secret key 1173 , and a connecting destination information 1174 .
- the client public key certificate 1171 and the client secret key 1173 are respectively used as a public key certificate and a secret key at the PC 10 when performing the mutual authentication and enciphered communication between the PC 10 and the center server 40 .
- the authenticator public key certificate 1172 is a public key certificate of the CA 60 .
- the connecting destination information 1174 is identification information of the connecting destination for the enciphered communication using the individual certificate package 117 , and is formed by an IP address of the center server 40 in this embodiment.
- the CA 60 registers the identification ID, which is an issuance target of the individual certificate package 117 , in a certificate issuance log list.
- FIG. 7 is a diagram showing an example of a structure of the certificate issuance log list.
- a certificate issuance log list 61 is a list of the identification IDs for which the individual certificate package 117 has been issued.
- the certificate issuance log list 61 is stored in a storage device of the CA 60 .
- the center server 40 transfers the individual certificate package 117 to the PC 10 , in a step S 113 .
- the individual certificate request part 114 of the PC 10 stores the received individual certificate package 117 in the HDD 102 at a predetermined location.
- When the equipment information notifying program 11 is activated in the PC 10 and the individual certificate package 117 is introduced with respect to the PC 10 , it becomes possible for the equipment information transfer part 116 to transfer the equipment information collected by the equipment information collecting part 115 with respect to the center server 40 .
- the equipment information transfer part 116 sends the product key and the hardware information stored in the HDD 102 to the activation server 50 in order to inquire whether or not the execution of the equipment information transfer is permitted.
- the activation server 50 permits the execution if the received product key and hardware information are registered in the activation management table 51 .
- the equipment information transfer part 116 executes a mutual authentication by the SSL using the individual certificate package 117 .
- FIG. 8 is a sequence diagram for explaining an authentication process by the SSL using the individual certificate package.
- the certificate package is also introduced to the center server 40 .
- a unique certificate package is introduced (or stored) in advance in the center server 40 .
- the certificate package introduced in advance to the center server 40 includes a unique public key certificate (or server public key certificate) for each center server 40 , a unique secret key (or server secret key) for each center server 40 , and a public key certificate of the authenticator 60 .
- the equipment information transfer part 116 sends a SSL version number, supported enciphering set, a random number and the like to the center server 40 , in a step S 301 .
- the center server 40 sends the SSL version number, the enciphering set used, the random number and the like to the equipment information transfer part 116 , in a step S 302 .
- the center server 40 sends a server public key certificate to the equipment information transfer part 116 , in a step S 303 .
- the center server 40 requests presentation of the certificate to the equipment information transfer part 116 , in a step S 304 .
- the center server 40 thereafter waits for a response from the equipment information transfer part 116 .
- the equipment information transfer part 116 inspects the received server public key certificate using the authenticator public key certificate 1172 , in a step S 305 .
- the equipment information transfer part 116 sends the client public key certificate 1171 to the center server 40 , in a step S 306 .
- the equipment information transfer part 116 enciphers a premaster secret (random number) which is calculated from hash values of data exchanged up to that point in time, by a server public key of the server public key certificate, in a step S 307 .
- the equipment information transfer part 116 sends the enciphered premaster secret to the center server 40 , in a step S 308 .
- the equipment information transfer part 116 makes a signature to the random data calculated using the data exchanged up to that point in time, using the client secret key, in a step S 309 .
- the equipment information transfer part 116 sends the random data with the signature to the center server 40 , in a step S 310 .
- the equipment information transfer part 116 creates a session key based on two seeds and the premaster secret, in a step S 311 .
- the center server 40 inspects the received client public key certificate 1171 using the authenticator public key certificate possessed by the center server 40 , and the center server 40 also inspects the data with the signature using the client public key certificate 1171 , in a step S 312 .
- the center server 40 creates a session key from the two seeds and the premaster secret deciphered (or decrypted) using the server secret key, in the step S 312 .
- the equipment information transfer part 116 sends a message indicating that the data will thereafter be sent using a common key, and a message indicating an end of the SSL authentication to the center server 40 , in a step S 313 .
- the center server 40 sends a message indicating that the data will thereafter be sent using the common key, and a message indicating an end of the SSL authentication to the equipment information transfer part 116 , in a step S 314 .
- an enciphered communication using the session key is started. By this enciphered communication, the equipment information transfer part 116 sends the equipment information and the like with respect to the center server 40 .
- the authentication process shown in FIG. 8 will not be successful and the enciphered communication using the session key cannot be performed thereafter.
- the equipment information is transferred on the condition that the activation with respect to the equipment information notifying program 11 is successful and the individual certificate package 117 is introduced to the PC 10 .
- the authentication process shown in FIG. 8 achieves the mutual authentication from the theory that an illegitimate server other than the center server 40 possessing the certificate will not possess the secret key and will not be able to decipher the premaster secret sent from the equipment information transfer part 116 , and an illegitimate client other than PC 10 having the equipment information transfer part 116 which possesses the certificate will not be able to confirm the signature from the client.
- FIG. 9 is a diagram for explaining a first processing procedure for a case where the same license is applied to a different PC.
- the user at the user site of the equipment 20 requests issuance of a different product key with respect to the already purchased license, that is, requests reissuance of the product key.
- the user notifies the old product key which is already issued with respect to the license to the license issuing source.
- When the computer at the license issuing source receives the old product key, this computer sends a product key reissue request to the activation server 50 together with the old product key, in a step S 401 .
- the activation server 50 generates a new product key which is to replace the old product key, that is, reissues the product key, and returns the new product key which is generated (or the product key which is reissued) to the computer at the license issuing source, in a step S 402 .
- the activation server 50 turns ON the invalid flag corresponding to the old product key in the activation management table 51 . By turning ON the invalid flag, the old product key is invalidated. Thereafter, any activation request based on the old product key is rejected.
- the license issuing source notifies the product key which is reissued with respect to the user site of the equipment 20 to this user site, in a step S 403 .
- a PC 10 a which is newly installed with the equipment information notifying program 11 is utilized, and a processing sequence similar to the processing sequence described above in conjunction with FIG. 4 is executed based on the reissued product key, in steps S 404 through S 415 . Accordingly, a new serial number is issued in the step S 405 , and a new individual certificate package 117 is issued in the step S 414 .
- the activation server 50 would return a response indicating that the execution of the equipment information transfer is not permitted, based on the invalidated old product key, in response to an inquiry from the equipment information transfer part 116 inquiring whether or not the execution of the equipment information transfer is permitted. For this reason, an equipment information transfer which would violate the license will be prevented.
- FIG. 10 is a diagram for explaining a second processing procedure for the case where the same license is applied to the different PC.
- the process of reissuing the product key, performed by steps S 501 through S 503 shown in FIG. 10 is basically the same as the process performed by the steps S 401 through S 403 shown in FIG. 9 .
- the activation server 50 not only invalidates the old product key, but also stores in the storage device thereof information indicating the correspondence between the reissued product key (that is, the new product key) and the old product key.
- the activation request part 113 of the PC 10 a sends an activation request for (or request to use) the equipment information notifying program 11 , together with the new product key and the hardware information of the PC 10 a , to the activation server 50 , in a step S 504 .
- the activation server 50 performs an activation process based on the new product key and the hardware information, in a step S 505 .
- the activation server 50 does not generate a new serial number with respect to the new product key, and makes the serial number registered with respect to the old product key which corresponds to the new product key correspond to the new product key in the activation management table 51 , in the step S 505 . Accordingly, the activation server 50 returns to the PC 10 a the serial number which is identical to the serial number with respect to the old product key, in the step S 505 .
- Steps S 507 through S 509 shown in FIG. 10 are similar to the steps S 407 through S 409 shown in FIG. 9 .
- the individual certificate request part 114 specifically requests reissuance of the individual certificate package 117 .
- the center server 40 sends the individual certificate reissue request to the CA 60 , in the step S 509 .
- the CA 60 judges whether or not the received identification ID is registered in the certificate issuance log list 61 shown in FIG. 7 , in response to the individual certificate reissue request.
- When the received identification ID is registered in the certificate issuance log list 61 , the CA 60 generates the individual certificate package 117 without making an inquiry with respect to the activation server 50 , and sends the generated individual certificate package 117 to the center server 40 , in a step S 511 .
- the identification ID for which the individual certificate package 117 has once been issued will be regarded as being legitimate.
- the CA 60 does not need to make an inquiry with respect to the activation server 50 , and the process of issuing the individual certificate package 117 is simplified.
- the process performed after the step S 511 , in the process performed in a step S 512 is the same as the process performed in FIG. 9 .
- According to the equipment information monitoring system 1 of this first embodiment, it is possible to appropriately issue the individual certificate package 117 by the link between the activation server 50 and the CA 60 .
- the activation server 50 allocates a unique serial number with respect to the pair of product key and hardware information.
- the CA 60 inquires the legitimacy of the license based on the serial number, in response to the request to issue the individual certificate package 117 , and issues the individual certificate package 117 only when the legitimacy of the license is confirmed. Therefore, it is possible to appropriately issue, with respect to the PC 10 , the individual certificate package 117 which is unique to the PC 10 . As a result, it becomes possible to identify each of the individual PCs 10 , that is, each of the equipment information notifying programs 11 .
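The linkage between the activation server 50 and the CA 60, including both reissue procedures (FIG. 9 and FIG. 10), can be modelled as below. This is an added example, not code from the patent: the class and method names, the `model-serial` identification ID format, the one-license-one-PC rule and the random hex strings standing in for keys and serial numbers are all assumptions.

```python
import secrets


class ActivationServer:
    """Stand-in for the activation server 50 and its activation management table 51."""

    def __init__(self):
        self.table = {}     # product key -> {"hw", "serial", "invalid"}
        self.replaces = {}  # new product key -> old product key (FIG. 10 only)

    def issue_product_key(self):
        key = secrets.token_hex(8)  # constructed value, not a real key format
        self.table[key] = {"hw": None, "serial": None, "invalid": False}
        return key

    def reissue_product_key(self, old_key, remember_old=False):
        # Turn ON the invalid flag: later requests based on old_key are rejected.
        self.table[old_key]["invalid"] = True
        new_key = self.issue_product_key()
        if remember_old:  # FIG. 10: store the new-key/old-key correspondence
            self.replaces[new_key] = old_key
        return new_key

    def activate(self, key, hw):
        rec = self.table.get(key)
        if rec is None or rec["invalid"]:
            return None  # unknown or invalidated product key
        if rec["hw"] not in (None, hw):
            return None  # assumption: one license is bound to one PC
        if rec["serial"] is None:
            old = self.replaces.get(key)
            carried = self.table[old]["serial"] if old else None
            # FIG. 10 carries the old serial over; otherwise allocate a new one.
            rec["serial"] = carried or secrets.token_hex(6)
        rec["hw"] = hw
        return rec["serial"]

    def serial_is_legitimate(self, serial):
        # True only while a non-invalidated product key owns the serial number.
        return any(r["serial"] == serial and not r["invalid"]
                   for r in self.table.values())


def make_identification_id(model_id, serial):
    return f"{model_id}-{serial}"  # assumed format; the page gives none


class CertificateAuthority:
    """Stand-in for the CA 60 and its certificate issuance log list 61."""

    def __init__(self, activation_server):
        self.activation = activation_server
        self.issuance_log = set()
        self.inquiries = 0  # counts inquiries made to the activation server

    @staticmethod
    def _serial_of(ident):
        return ident.rsplit("-", 1)[-1]

    @staticmethod
    def _make_package(ident):
        # Placeholder for the individual certificate package 117: a random
        # string stands in for the unique secret key and certificate.
        return {"id": ident, "secret_key": secrets.token_hex(32)}

    def issue(self, ident):
        # First issuance: the license is checked through the activation server.
        self.inquiries += 1
        if not self.activation.serial_is_legitimate(self._serial_of(ident)):
            return None
        self.issuance_log.add(ident)
        return self._make_package(ident)

    def reissue(self, ident):
        # FIG. 10: membership in the issuance log is the only check on this
        # path; no inquiry is made to the activation server.
        if ident not in self.issuance_log:
            return None
        return self._make_package(ident)


if __name__ == "__main__":
    server = ActivationServer()
    ca = CertificateAuthority(server)
    key = server.issue_product_key()
    serial = server.activate(key, "hw-A")  # constructed hardware information
    print("first issuance:", ca.issue(make_identification_id("M1", serial))["id"])
    new_key = server.reissue_product_key(key)
    print("old key after reissue:", server.activate(key, "hw-A"))
    print("new serial:", server.activate(new_key, "hw-B"))
```

In the FIG. 9 variant the old serial number stops being legitimate as soon as the product key is reissued, while in the FIG. 10 variant the same serial number stays valid under the new product key.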
- FIG. 11 is a diagram for explaining the individual certificate packet issuing process in the second embodiment.
- Steps S 601 through S 609 shown in FIG. 11 are similar to the steps S 101 through S 111 shown in FIG. 4 .
- the individual certificate request part 114 of the PC 10 sends the serial number and not the identification ID in response to the request to issue the individual certificate package 117 .
- the identification ID is not generated, and the serial number is notified to the CA 60 in the step S 606 . Consequently, the CA 60 does not need to extract the serial number from the identification ID.
- the generation of the identification ID is also not essential in the first embodiment described above.
- the first embodiment may also request the issuance of the individual certificate package 117 based on the serial number.
- When the activation server 50 confirms that the serial number is a serial number which has already been issued, the CA 60 generates the individual certificate package 117 and records the individual certificate package 117 in a Universal Serial Bus (USB) token 62 which is connected to a USB port (or USB connector) of the CA 60 , in a step S 610 .
- the individual certificate package 117 can be distributed to the user site of the equipment 20 using the USB token 62 as the medium.
- the individual certificate request part 114 reads the individual certificate package 117 from the USB token 62 and stores the individual certificate package 117 in the HDD 102 , in a step S 612 .
- the individual certificate package 117 may continue to be stored in the USB token 62 .
- the USB token 62 must be connected to the PC 10 during operation of the equipment monitoring system 1 .
- the medium used to distribute the individual certificate package 117 is not limited to the USB token 62 .
- any portable recording medium, such as a USB memory and a CD-ROM, may be used as the medium for distributing the individual certificate package 117 .
- the functions of the CA 60 and the activation server 50 are installed in the portable recording medium (or portable information processing device) which is mounted with an IC chip that includes a CPU, a memory and the like.
- This third embodiment uses a USB token as an example of the information processing device, but it is of course possible to use other recording media which include a processor and a storage device.
- FIG. 12 is a diagram showing an example of a structure within a USB token in the third embodiment.
- a USB token 80 shown in FIG. 12 is recorded with four programs and data.
- the four programs include an activation program 81 , an identification ID generating program 82 , a CA program 83 , and a result reflecting program 84 .
- the data include a product key 85 , a valid license number 86 , and a management table 87 .
- the activation program 81 realizes the functions of the activation server 50 in a simplified manner.
- the identification ID generating program 82 generates the identification ID.
- the CA program 83 realizes the functions of the CA 60 in a simplified manner.
- the result reflecting program 84 reflects the contents of the processes executed by the activation program 81 and the CA program 83 to the activation server 50 and the CA 60 .
- the product key 85 is a product key issued from the license issuing source.
- the valid license number 86 is the number of licenses set with respect to the product key 85 .
- FIG. 12 shows a state after the product key is issued.
- the management table 87 manages the hardware information, the serial number, and the identification ID for each individual certificate package 117 which has been issued. Hence, in an initial state where no individual certificate package 117 has been issued using the USB token 80 , the management table 87 is empty.
- FIG. 13 is a diagram showing an example of a functional structure of the PC in the third embodiment.
- those parts that are the same as those corresponding parts in FIG. 3 are designated by the same reference numerals, and a description thereof will be omitted.
- an equipment information notifying program 11 a does not include an activation request part 113 and an individual certificate request part 114 .
- the structure of the equipment information notifying program 11 a is simplified according to this third embodiment.
- FIG. 14 is a diagram for explaining the individual certificate package issuing process in the third embodiment.
- the activation program 81 causes the IC chip of the USB token 80 to execute the respective processes thereof.
- the activation program 81 reads the hardware information from the PC 10 , in a step S 701 .
- the hardware information may be read directly from the PC 10 or input via the equipment information notifying program 11 a .
- the activation program 81 executes an activation process based on the product key 85 and the hardware information, in a step S 702 . More particularly, the activation program 81 confirms whether or not the number of records registered in the management table 87 has reached the valid license number 86 , and whether or not the hardware information acquired by the PC 10 is already registered in the management table 87 .
- If the number of records has not reached the valid license number 86 and the hardware information is not registered in the management table 87 , the activation program 81 generates a unique serial number with respect to the pair of the hardware information and the product key 85 . The activation program 81 registers the hardware information and the serial number in the management table 87 , and notifies the serial number to the identification ID generating program 82 .
- the identification ID generating program 82 acquires a model ID from the equipment information notifying program 11 a , and generates an identification ID based on the model ID and the serial number, in a step S 703 .
- the identification ID generating program 82 registers the generated identification ID in the management table 87 in correspondence with the serial number.
- the identification ID generating program 82 requests issuance of the individual certificate package 117 with respect to the CA program 83 based on the identification ID, in a step S 704 .
- the CA program 83 generates a unique individual certificate package 117 for each identification ID, and registers the individual certificate package 117 in the management table 87 in correspondence with the identification ID, in a step S 705 .
- FIG. 15 is a diagram for explaining a processing result reflecting process for a USB token.
- the result reflecting program 84 sends the product key 85 , the hardware information newly registered in the management table 87 , and the serial number, to the activation server 50 via the PC 10 , as the processing result of the simplified activation process, in a step S 801 .
- the activation server 50 registers the received product key 85 , hardware information and serial number in the activation management table 51 , in correspondence with each other, in a step S 802 . Hence, the result of the simplified activation process is reflected to the activation server 50 .
- the result reflecting program 84 sends the identification ID newly registered in the management table 87 to the CA 60 via the PC 10 , in a step S 803 .
- the CA 60 registers the received identification ID in the certificate issuance log list 61 , in a step S 804 .
- the result of the simplified process of issuing the individual certificate package 117 is reflected to the CA 60 .
- Identification information which enables the communication between the activation server 50 and the CA 60 may be recorded within the USB token 80 or, may be read from an external source by reading the information stored in the equipment information notifying program 11 a , for example.
- The processes shown in FIGS. 14 and 15 are executed by using the single USB token 80 within the user site of the equipment 20 . Accordingly, it is possible to appropriately prevent a license violation, and to introduce the individual certificate package 117 which is unique to each PC 10 .
- the equipment information transfer part 116 of the PC 10 uses the individual certificate package 117 corresponding to the hardware information of the PC 10 by reading the individual certificate package 117 from the USB token 80 every time the equipment information is transferred. In other words, the individual certificate package 117 is continuously stored in the USB token 80 . For this reason, it is necessary to connect the USB token 80 to the PC 10 during operation of the equipment monitoring system 1 .
- the individual certificate package 117 may be imported from the USB token 80 to the equipment information notifying program 11 a , that is, to the storage device of the PC 10 . In this case, it is unnecessary to connect the USB token 80 to the PC 10 during operation of the equipment monitoring system 1 .
- a single USB token 80 may be used with respect to a plurality of PCs 10 as a simplified individual certificate setting tool.
- the process shown in FIG. 15 may be executed asynchronously to the process shown in FIG. 14 .
- the USB token 80 may be connected to another PC, so as to execute the process shown in FIG. 15 simultaneously for a plurality of PCs.
- a maintenance person may execute the process shown in FIG. 14 with respect to a number of PCs 10 amounting to the valid license number 86 at the user site of the equipment 20 , and the maintenance person may execute the process shown in FIG. 15 after returning to the office of the maintenance service provider.
- the USB token 80 must be distributed in advance to the user site.
- the program stored in the USB token 80 can execute in a simplified manner the individual certificate issuing procedure which required the linking between the activation server 50 and the CA 60 .
- A USB memory device or other portable recording media, not mounted with an IC chip, may be used in place of the USB token 80 .
- each program within the recording medium can be loaded to the memory device 103 or the like of the PC 10 to cause the PC 10 to execute the processing sequence of each program.
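The third embodiment's token-side logic (the activation check of step S 702, per-PC issuance in FIG. 14, and the deferred result reflecting process of FIG. 15) can be sketched as follows. This is an added example, not code from the patent: the class, its method names, the `reflected` flag, the identification ID format and the random placeholder for key material are assumptions, and the sample MAC-style strings are constructed.

```python
import secrets


class UsbToken:
    """Stand-in for the USB token 80 of FIG. 12."""

    def __init__(self, product_key, valid_license_number):
        self.product_key = product_key                    # product key 85
        self.valid_license_number = valid_license_number  # valid license number 86
        self.management_table = []                        # management table 87

    def issue_for(self, hardware_info, model_id):
        """Steps S701 to S705 for one PC; returns the package, or None if refused."""
        # Activation check: the license count must not be exhausted ...
        if len(self.management_table) >= self.valid_license_number:
            return None
        # ... and this PC must not already be registered (assumption: a
        # registered PC gets no second package; use package_for() instead).
        if any(r["hw"] == hardware_info for r in self.management_table):
            return None
        serial = secrets.token_hex(6)   # unique per (hardware info, product key)
        ident = f"{model_id}-{serial}"  # assumed identification ID format
        # Placeholder for the individual certificate package 117.
        package = {"id": ident, "secret_key": secrets.token_hex(32)}
        self.management_table.append({
            "hw": hardware_info, "serial": serial, "id": ident,
            "package": package,
            "reflected": False,  # assumption: marks records not yet sent upstream
        })
        return package

    def package_for(self, hardware_info):
        """Package matching this PC's hardware information, read at transfer time."""
        for r in self.management_table:
            if r["hw"] == hardware_info:
                return r["package"]
        return None

    def pending(self):
        """Records issued on the token that the servers do not know about yet."""
        return [r for r in self.management_table if not r["reflected"]]

    def reflect(self, activation_table, issuance_log):
        """FIG. 15, steps S801 to S804: push newly registered records upstream.

        activation_table stands in for the activation management table 51 and
        issuance_log for the certificate issuance log list 61. Returns the
        number of records pushed, so a repeated run pushes nothing.
        """
        pushed = 0
        for r in self.pending():
            activation_table.append((self.product_key, r["hw"], r["serial"]))
            issuance_log.add(r["id"])
            r["reflected"] = True
            pushed += 1
        return pushed


if __name__ == "__main__":
    token = UsbToken("PK-CONSTRUCTED", valid_license_number=2)
    for hw in ("mac-01", "mac-02", "mac-03"):  # constructed hardware information
        pkg = token.issue_for(hw, "M1")
        print(hw, "->", pkg["id"] if pkg else "refused")
    table, log = [], set()
    print("pending before reflect:", len(token.pending()))
    print("pushed:", token.reflect(table, log))
```

Until `reflect` has run, the packages exist only on the token, so `pending()` is the list a maintenance person would reconcile against the activation server 50 and the CA 60.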
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
- 1. Field of the Invention
- The present invention generally relates to information processing devices, electronic certificate issuing methods and storage media, and more particularly to an information processing device, an electronic certificate issuing method and a computer-readable storage medium which issue an electronic certificate.
- 2. Description of the Related Art
- Conventionally, there is the so-called “remote monitoring system” which enables a manufacturer or a maintenance service provider to remotely monitor via the Internet an image forming apparatus, such as a copying machine, a printer and a Multi-Function Peripheral (MFP), that is set up in an office, for example. The remote monitoring system includes an equipment information collecting apparatus which is provided on the user end and collects equipment information from the image forming apparatus, and a server apparatus which is provided on the manufacturer end or the maintenance service provider end. The equipment information collecting apparatus transfers the equipment information to the server apparatus via the Internet. Alternatively, the image forming apparatus transfers the equipment information directly to the server apparatus.
- The equipment information may be used for accounting, and may include user's personal information or secret information. For this reason, there is a demand to transfer the equipment information by a secure communication. In order to prevent tampering of data or impersonating of the user on the transfer path, the equipment information is transferred between a client apparatus (that is, the equipment information collecting apparatus or the image forming apparatus) and the server apparatus by a communication employing mutual authentication and enciphering in a Secure Socket Layer (SSL).
- In order to perform the mutual authentication, the client apparatus and the server apparatus must each have a secret key. The secret key must not be leaked to a third party in order to maintain security of the remote monitoring system. In addition, the secret key must be usable only by those client apparatuses authorized by the manufacturer or the maintenance service provider.
- According to the conventional remote monitoring system, the public key certificate and the secret key, which are unique to the client apparatus, are basically embedded into each client apparatus when the client apparatuses are forwarded from the factory. In other words, an embedded equipment (or device) which is embedded with the unique public key certificate and secret key, and not a general purpose computer such as a Personal Computer (PC), is used for the image forming apparatus or the equipment information collecting apparatus forming the client apparatus.
- Accordingly, when forwarding the client apparatuses from the factory, it is possible to record the secret key and the like in each client apparatus in a manner such that the secret key and the like cannot be physically extracted. As a result, it is possible to secure the uniqueness and safety of the secret key.
- The applicant is aware of a Japanese Laid-Open Patent Publication No. 2004-320715.
- However, the flexibility of the remote monitoring system will be reduced by limiting the client apparatus to the embedded equipment (or device). For this reason, it is desirable to realize the functions of the client apparatus (equipment information collecting apparatus) by software that is installable into a general purpose computer such as the PC.
- However, when the software described above is distributed in the form of a package via the Internet or a recording medium such as a CD-ROM, the package is created by copying the software. Hence, it is difficult to safely introduce the secret key and the like that are unique to each package, with respect to the PC to which the software is installed.
- On the other hand, when the package is distributed via a network such as the Internet, a third party can acquire the package in a relatively easy manner. Consequently, the server apparatus which uses the software may be subject to an attack from the third party who acquired the package.
- Accordingly, it is a general object of the present invention to provide a novel and useful information processing device, electronic certificate issuing method and computer-readable storage medium, in which the problem described above is suppressed.
- Another and more specific object of the present invention is to provide, among other things, an information processing device, an electronic certificate issuing method and a computer-readable storage medium, which can appropriately allocate a unique electronic certificate with respect to a program which is copied and distributed.
- According to one aspect of the present invention, there is provided an information processing device comprising a storage device configured to store a predetermined program which causes a computer to communicate using a secret key and a public key; an acquiring unit configured to acquire first identification information of the computer to which the information processing device is coupled; a recording unit configured to record correspondence information indicating a correspondence between a product key of the predetermined program and the first identification information, and second identification information with respect to the correspondence information, in the storage device, if a license authentication with respect to the product key based on the first identification information is successful; and a certificate generating unit configured to generate an individual certificate package including a unique secret key and public key for each second identification information, and to record the individual certificate package in the storage device in correspondence with each second identification information.
- According to one aspect of the present invention, there is provided an electronic certificate issuing method executed by an information processing device, comprising an acquiring procedure acquiring first identification information of a computer to which the information processing device is coupled; a recording procedure recording correspondence information indicating a correspondence between a product key of a predetermined program which causes the computer to communicate using a secret key and a public key and the first identification information, and second identification information with respect to the correspondence information, in the information processing device, if a license authentication with respect to the product key based on the first identification information is successful; and a certificate generating procedure generating an individual certificate package including a unique secret key and public key for each second identification information, and recording the individual certificate package in the information processing device in correspondence with each second identification information.
- According to one aspect of the present invention, there is provided a computer-readable storage medium which stores a program which, when executed by a computer, causes the computer to perform a process of an information processing device, comprising an acquiring procedure acquiring first identification information of a computer to which the information processing device is coupled; a recording procedure recording correspondence information indicating a correspondence between a product key of a predetermined program which causes the computer to communicate using a secret key and a public key and the first identification information, and second identification information with respect to the correspondence information, in the information processing device, if a license authentication with respect to the product key based on the first identification information is successful; and a certificate generating procedure generating an individual certificate package including a unique secret key and public key for each second identification information, and recording the individual certificate package in the information processing device in correspondence with each second identification information.
- According to one aspect of the present invention, it is possible, among other things, to appropriately allocate a unique electronic certificate with respect to a program which is copied and distributed.
- Other objects and further features of the present invention will be apparent from the following detailed description when read in conjunction with the accompanying drawings.
- FIG. 1 is a diagram showing an example of an equipment monitoring system in one embodiment of the present invention;
- FIG. 2 is a diagram showing a hardware structure of a Personal Computer (PC) in one embodiment of the present invention;
- FIG. 3 is a diagram showing an example of a functional structure of the PC in a first embodiment of the present invention;
- FIG. 4 is a diagram for explaining an individual certificate package issuing process in the first embodiment;
- FIG. 5 is a diagram showing an example of a structure of an activation management table;
- FIG. 6 is a diagram showing an example of a structure of an individual certificate package;
- FIG. 7 is a diagram showing an example of a structure of a certificate issuance log list;
- FIG. 8 is a sequence diagram for explaining an authentication process by SSL using the individual certificate package;
- FIG. 9 is a diagram for explaining a first processing procedure for a case where the same license is applied to a different PC;
- FIG. 10 is a diagram for explaining a second processing procedure for a case where the same license is applied to a different PC;
- FIG. 11 is a diagram for explaining the individual certificate packet issuing process in a second embodiment;
- FIG. 12 is a diagram showing an example of a structure within a Universal Serial Bus (USB) token in a third embodiment;
- FIG. 13 is a diagram showing an example of a functional structure of the PC in a third embodiment;
- FIG. 14 is a diagram for explaining the individual certificate package issuing process in the third embodiment; and
- FIG. 15 is a diagram for explaining a processing result reflecting process for a USB token.
- A description will be given of embodiments of the information processing device, the electronic certificate issuing method and the computer-readable storage medium according to the present invention, by referring to the drawings.
- FIG. 1 is a diagram showing an example of an equipment monitoring system in one embodiment of the present invention. In FIG. 1, an equipment monitoring system 1 includes one or more PCs 10, one or more equipments 20, a center server 40, an activation server 50, and a Certificate Authority (CA) 60. The PCs 10 and the equipments 20 are connected via a cable or wireless network 30, such as a Local Area Network (LAN). The PCs 10, the center server 40, the activation server 50 and the CA 60 are connected via a network 70, such as the Internet.
- Each PC 10 and each equipment 20 are set up at a user site in an office or the like. The user site is where the equipments 20 are set up. The equipment 20 is the monitoring target in the equipment monitoring system 1, and is formed by a copying machine, a printer, a facsimile machine, a Multi-Function Peripheral (MFP) or the like. The PC 10 collects equipment information related to the monitoring target from each equipment 20, and transfers the collected equipment information to the center server 40 by an enciphered (or encrypted) communication via mutual authentication. The equipment information indicates various counter values, operating states and the like. For example, a communication employing the Secure Socket Layer (SSL) is used for the enciphered communication via mutual authentication. Of course, a plurality of user sites may exist. The function of collecting the equipment information and transferring the collected equipment information to the center server 40 is realized by an equipment information notifying program which is executed in the PC 10.
- The center server 40 belongs to a monitoring site of the equipments 20, such as a manufacturer of the equipments 20 and the maintenance service provider (or operator). The center server 40 is formed by a computer which provides an equipment monitoring service such as receiving the equipment information from the PC 10 and storing the received equipment information, during a normal operation of the equipment monitoring system 1. The center server 40 intervenes between the PC 10 and the CA 60 during a process which is performed to secure security, such as communicating from the PC 10 to the center server 40, prior to starting the operation of monitoring of the equipments 20. More particularly, the center server 40 requests the CA 60 to issue data (hereinafter referred to as an individual certificate package) including a secret key, a public key certificate and the like which are unique to each PC 10, in response to a request from the PC 10, and returns the individual certificate package issued from the CA 60 to the PC 10 which made the request. The individual certificate package (secret key, public key certificate, etc.) is used for the mutual authentication and enciphered communication between the PC 10 and the center server 40 when the PC transfers the equipment information to the center server 40. In this embodiment, the individual certificate package is formed by an electronic certificate package in conformance with the Public Key Cryptography Standards (PKCS).
- The activation server 50 performs an activation (or activation process) related to the equipment information notifying program. The “activation” refers to the process of confirming whether a target possesses the legitimate license, that is, the license authentication.
- The CA 60 is the so-called authenticator (or authenticating body) which is formed by one or more computers and issues the individual certificate package and the like. In this embodiment, the CA 60 maintains uniqueness of the individual certificate package and prevents issuance of the individual certificate package with respect to the client (PC 10) who does not possess the license, by linking with the activation server 50.
- FIG. 2 is a diagram showing a hardware structure of a Personal Computer (PC) in one embodiment of the present invention. The PC 10 shown in FIG. 2 includes a Hard Disk Drive (HDD) 102, a memory device 103, a CPU 104, an interface device 105, a display device 106, and an input device 107 which are connected via a bus B.
- The equipment information notifying program which realizes the process of the PC 10 is downloaded via the network 30 or the networks HDD 102. In addition to the equipment information notifying program installed therein, the HDD 102 also stores necessary files, data and the like.
- The memory device 103 stores the equipment information notifying program that is read from the HDD 102 when a start instruction is issued to start the equipment information notifying program. The CPU 104 realizes the functions of the PC 10 according to the equipment information notifying program stored in the memory device 103. The interface device 105 provides an interface for connecting the PC 10 to the network 30. The display device 106 displays a Graphical User Interface (GUI) or the like by the equipment information notifying program. The input device 107 is formed by a keyboard, a mouse and the like, and is used to input various operation instructions.
- The installing of the equipment information notifying program does not necessarily have to be made via the network 30, and may be made via a recording medium such as a CD-ROM and a SD-Card.
- Each of the center server 40, the activation server 50 and the CA 60 may have a hardware structure similar to the hardware structure of the PC 10 shown in FIG. 2. However, in the case of the center server 40, the activation server 50 and the CA 60, it is not essential to provide or connect the display device 106 and the input device 107.
- FIG. 3 is a diagram showing an example of a functional structure of the PC in a first embodiment of the present invention. In FIG. 3, an equipment information notifying program 11 operates (or runs) on an Operating System (OS) 12, and causes the PC 10 to function as a User Interface (UI) part 112, an activation request part 113, an individual certificate request part 114, an equipment information collecting part 115, and an equipment information transfer part 116.
- The UI part 112 displays the GUI on the display device 106, and performs processes such as detecting a user request and providing information to the user. The activation request part 113 makes an activation request for the equipment information notification program 11, with respect to the activation server 50. The individual certificate request part 114 requests issuance of the individual certificate package with respect to the center server 40 depending on the activation result. The equipment information collecting part 115 collects the equipment information from the equipments 20 that are connected to the network 30. The equipment information transfer part 116 transfers the collected equipment information to the center server 40. When transferring the collected equipment information, the equipment information transfer part 116 performs the mutual authentication and enciphered communication using the individual certificate package.
- Identification information which enables the PC 10 to communicate with the center server 40, the activation server 50 and the CA 60, such as the Internet Protocol (IP) address, a host name, and a Uniform Resource Locator (URL), is stored in the HDD 102 at a location that is recognizable by the equipment information notifying program 11.
- Next, a description will be given of a processing sequence of the equipment monitoring system 1. FIG. 4 is a diagram for explaining an individual certificate package issuing process in the first embodiment. The process in each apparatus of the equipment monitoring system 1 is performed by the control of the program which is installed in each apparatus and executed.
- In a step S101 shown in FIG. 4, a license issuing source of the equipment information notifying program 11 issues a product key (or license key) corresponding to the license. A user of the PC 10 (hereinafter simply referred to as a “user”) receives the product key issued from the license issuing source. For example, the product key is issued when the license is purchased. The method of purchasing the license and the method of issuing the product key are not limited to particular methods, and the purchasing of the license and the issuing of the product key may be made via the Internet or via a recording medium, including paper. The product key is unique to each license.
- Next, when the user inputs the product key from a screen which is displayed by the UI part 112, the activation request part 113 sends an activation request (request to use) for the equipment information notifying program 11 with respect to the activation server 50, in a step S102. The activation request includes the product key and hardware information of the PC 10. The hardware information is any information which physically and uniquely identifies the PC 10, such as a Media Access Control (MAC) address of the PC 10, a serial number of the CPU 104, and a serial number of the memory device 103. The activation request part 113 acquires the hardware information from the PC 10. The UI part 112 stores the input product key at a predetermined location in the HDD 102.
- The
activation server 50 performs an activation process (or license authentication) based on an activation management table when the product key and the hardware information are received from thePC 10, in a step S103. -
FIG. 5 is a diagram showing an example of a structure of the activation management table. An activation management table 51 shown inFIG. 5 manages the serial number and an invalid flag with respect to each pair of activated (license authenticated) product key and hardware information. The activation management table 51 is stored in a storage device of theactivation server 50. - Accordingly, the
activation server 50 authenticates the license by judging whether or not the received product key is already registered in the activation management table 51 in correspondence with another hardware information (that is, whether or not the equipmentinformation notifying program 11 is being used by anotherPC 10 based on the same product key information). In a case where the license with respect to the received product key permits simultaneous use of the product key in a plurality ofPCs 10, theactivation server 50 authenticates the license by judging whether or not different hardware information amounting to the number of licenses (hereinafter referred to as a license number) with respect to the received product key is already registered in the activation management table 51 in correspondence with the received product key. Information specifying the license number may be included in a product identifier (ID) or, may be inquired to the computer at the license issuing source based on the product ID. - If the hardware information amounting to the license number with respect to the received product key is not registered in the activation management table 51 (that is, no activation amounting to the license number has yet been made), the
activation server 50 authenticates the license with respect to the received product key and hardware information (that is, judges that the license is legitimate), and registers the received product key and hardware information in the activation management table 51 in correspondence with each other. In addition, theactivation server 50 generates a serial number, that is, identification information, which is unique to the pair of received product key and hardware information, and registers the serial number in the activation management table 51 in correspondence with the pair. - Next, the
activation server 50 sends (or issues) the serial number with respect to thePC 10, in a step S104. If the license authentication fails (or the activation amounting to the license number has already been made), theactivation server 50 sends to thePC 10 information indicating that the activation failed. Hence, the serial number is issued only when the activation is successful. - The individual
certificate request part 114 of thePC 10 generates an identification identifier (ID) by performing a reversible conversion (or reversible transformation) with respect to the combination of a model identifier (ID) and a serial number, in a step S105. The model ID is an identifier (ID) assigned to the equipmentinformation notifying program 11. In other words, the model ID takes a common value with respect to all equipmentinformation notifying programs 11 which are distributed. Then, the individualcertificate request part 114 requests issuance of the individual certificate package by sending the identification ID to thecenter server 40, in a step S106. - The
center server 40 transfers the received identification ID and the issuance request for the individual certificate package to the CA 60, in a step S107. The CA 60 extracts the serial number from the received identification ID in a step S108, and sends the serial number to the activation server 50 in order to inquire whether or not the serial number is a legitimately issued serial number, in a step S109. The activation server 50 judges whether or not the serial number is a legitimately issued serial number based on the activation management table 51, in a step S110. If the serial number is registered in the activation management table 51, the activation server 50 judges that the serial number is a legitimately issued serial number. On the other hand, the activation server 50 judges that the serial number is not a legitimately issued serial number if the serial number is not registered in the activation management table 51. The activation server 50 returns a judgement result to the CA 60, in a step S111. - If the serial number is a legitimately issued serial number, the
CA 60 generates a unique individual certificate package with respect to the identification ID, that is, with respect to the equipmentinformation notifying program 11 of thePC 10, and returns the generated individual certificate package to thecenter server 40, in a step S112. -
FIG. 6 is a diagram showing an example of a structure of the individual certificate package. As shown inFIG. 6 , anindividual certificate package 117 includes a client publickey certificate 1171, an authenticator publickey certificate 1172, a client secret key 1173, and a connectingdestination information 1174. The client publickey certificate 1171 and the client secret key 1173 are respectively used as a public key certificate and a secret key at thePC 10 when performing the mutual authentication and enciphered communication between thePC 10 and thecenter server 40. The authenticator publickey certificate 1172 is a public key certificate of theCA 60. The connectingdestination information 1174 is identification information of the connecting destination for the enciphered communication using theindividual certificate package 117, and is formed by an IP address of thecenter server 40 in this embodiment. - In addition, the
CA 60 registers the identification ID, which is an issuance target of theindividual certificate package 117, in a certificate issuance log list. -
FIG. 7 is a diagram showing an example of a structure of the certificate issuance log list. As shown in FIG. 7, a certificate issuance log list 61 is a list of identification IDs for which the individual certificate package 117 has been issued. For example, the certificate issuance log list 61 is stored in a storage device of the CA 60. - Next, when the
center server 40 receives theindividual certificate package 117, thecenter server 40 transfers theindividual certificate package 117 to thePC 10, in a step S113. The individualcertificate request part 114 of thePC 10 stores the receivedindividual certificate package 117 in theHDD 102 at a predetermined location. - When the equipment
information notifying program 11 is activated in thePC 10 and theindividual certificate package 117 is introduced with respect to thePC 10, it becomes possible for the equipmentinformation transfer part 116 to transfer the equipment information collected by the equipmentinformation collecting part 115 with respect to thecenter server 40. When transferring the equipment information, the equipmentinformation transfer part 116 sends the product key and the hardware information stored in theHDD 102 to theactivation server 50 in order to inquire whether or not the execution of the equipment information transfer is permitted. Theactivation server 50 permits the execution if the received product key and hardware information are registered in the activation management table 51. - If the execution of the equipment information transfer is permitted, the equipment
information transfer part 116 executes a mutual authentication by the SSL using theindividual certificate package 117. -
FIG. 8 is a sequence diagram for explaining an authentication process by the SSL using the individual certificate package. In this authentication process, it is a precondition that the certificate package is also introduced to thecenter server 40. In other words, in this embodiment, a unique certificate package is introduced (or stored) in advance in thecenter server 40. The certificate package introduced in advance to thecenter server 40 includes a unique public key certificate (or server public key certificate) for eachcenter server 40, a unique secret key (or server secret key) for eachcenter server 40, and a public key certificate of theauthenticator 60. - When starting the communication, the equipment
information transfer part 116 sends an SSL version number, supported enciphering set, a random number and the like to the center server 40, in a step S301. The center server 40 sends the SSL version number, the enciphering set used, the random number and the like to the equipment information transfer part 116, in a step S302. The center server 40 sends a server public key certificate to the equipment information transfer part 116, in a step S303. The center server 40 requests presentation of the certificate to the equipment information transfer part 116, in a step S304. The center server 40 thereafter waits for a response from the equipment information transfer part 116. - When the equipment
information transfer part 116 receives the server public key certificate, the equipment information transfer part 116 inspects the received server public key certificate using the authenticator public key certificate 1172, in a step S305. When the legitimacy of the server public key certificate is confirmed, the equipment information transfer part 116 sends the client public key certificate 1171 to the center server 40, in a step S306. The equipment information transfer part 116 enciphers a premaster secret (random number) which is calculated from hash values of data exchanged up to that point in time, by a server public key of the server public key certificate, in a step S307. The equipment information transfer part 116 sends the enciphered premaster secret to the center server 40, in a step S308. The equipment information transfer part 116 makes a signature to the random data calculated using the data exchanged up to that point in time, using the client secret key, in a step S309. The equipment information transfer part 116 sends the random data with the signature to the center server 40, in a step S310. The equipment information transfer part 116 creates a session key based on two seeds and the premaster secret, in a step S311. - Next, the
center server 40 inspects the received client publickey certificate 1171 using the authenticator public key certificate possessed by thecenter server 40, and thecenter server 40 also inspects the data with the signature using the client publickey certificate 1171, in a step S312. In addition, thecenter server 40 creates a session key from the two seeds and the premaster secret deciphered (or decrypted) using the server secret key, in the step S312. - The equipment
information transfer part 116 sends a message indicating that the data will thereafter be sent using a common key, and a message indicating an end of the SSL authentication to the center server 40, in a step S313. The center server 40 sends a message indicating that the data will thereafter be sent using the common key, and a message indicating an end of the SSL authentication to the equipment information transfer part 116, in a step S314. After the step S314, an enciphered communication using the session key is started. By this enciphered communication, the equipment information transfer part 116 sends the equipment information and the like with respect to the center server 40. Hence, if a legitimate individual certificate package 117 is not introduced to the PC 10, the authentication process shown in FIG. 8 will not be successful and the enciphered communication using the session key cannot be performed thereafter. In other words, the equipment information is transferred on the condition that the activation with respect to the equipment information notifying program 11 is successful and the individual certificate package 117 is introduced to the PC 10. - The authentication process shown in
FIG. 8 achieves the mutual authentication from the theory that an illegitimate server other than thecenter server 40 possessing the certificate will not possess the secret key and will not be able to decipher the premaster secret sent from the equipmentinformation transfer part 116, and an illegitimate client other thanPC 10 having the equipmentinformation transfer part 116 which possesses the certificate will not be able to confirm the signature from the client. - There are cases where it is desirable to install and operate the equipment
information notifying program 11 on adifferent PC 10 without newly purchasing the license, such as when thePC 10 introduced with theindividual certificate package 117 fails or, due to work-related or operation-related reasons. Next, a description will be given of a processing sequence that is executed in such cases. -
FIG. 9 is a diagram for explaining a first processing procedure for a case where the same license is applied to a different PC. - In this case, the user at the user site of the
equipment 20 requests issuance of a different product key with respect to the already purchased license, that is, requests reissuance of the product key. When making this request, the user notifies the old product key which is already issued with respect to the license to the license issuing source. When the computer at the license issuing source receives the old product key, this computer sends a product key reissue request to theactivation server 50 together with the old product key, in a step S401. - The
activation server 50 generates a new product key which is to replace the old product key, that is, reissues the product key, and returns the new product key which is generated (or the product key which is reissued) to the computer at the license issuing source, in a step S402. When reissuing the product key, theactivation server 50 turns ON the invalid flag corresponding to the old product key in the activation management table 51. By turning ON the invalid flag, the old product key is invalidated. Thereafter, any activation request based on the old product key is rejected. - The license issuing source notifies the product key which is reissued with respect to the user site of the
equipment 20 to this user site, in a step S403. - Thereafter, a
PC 10 a which is newly installed with the equipmentinformation notifying program 11 is utilized, and a processing sequence similar to the processing sequence described above in conjunction withFIG. 4 is executed based on the reissued product key, in steps S404 through S415. Accordingly, a new serial number is issued in the step S405, and a newindividual certificate package 117 is issued in the step S414. - If the
PC 10 possessing the old product key were to attempt transfer of the equipment information by the equipmentinformation transfer part 116 using the old individual certificate package, theactivation server 50 would return a response indicating that the execution of the equipment information transfer is not permitted, based on the invalidated old product key, in response to an inquiry from the equipmentinformation transfer part 116 inquiring whether or not the execution of the equipment information transfer is permitted. For this reason, an equipment information transfer which would violate the license will be prevented. - It is also possible to execute the processing procedure shown in
FIG. 10 in place of the processing procedure shown inFIG. 9 .FIG. 10 is a diagram for explaining a second processing procedure for the case where the same license is applied to the different PC. - The process of reissuing the product key, performed by steps S501 through S503 shown in
FIG. 10, is basically the same as the process performed by the steps S401 through S403 shown in FIG. 9. However, in the step S502, the activation server 50 not only invalidates the old product key, but also stores in the storage device thereof information indicating the correspondence between the reissued product key (that is, the new product key) and the old product key. - Next, the
activation request part 113 of thePC 10 a sends an activation request for (or request to use) the equipmentinformation notifying program 11, together with the new product key and the hardware information of thePC 10 a, to theactivation server 50, in a step S504. Theactivation server 50 performs an activation process based on the new product key and the hardware information, in a step S505. In this state, theactivation server 50 does not generate a new serial number with respect to the new product key, and makes the serial number registered with respect to the old product key which corresponds to the new product key correspond to the new product key in the activation management table 51, in the step S505. Accordingly, theactivation server 50 returns to thePC 10 a the serial number which is identical to the serial number with respect to the old product key, in the step S505. - Steps S507 through S509 shown in
FIG. 10 are similar to the steps S407 through S409 shown inFIG. 9 . However, in the step S507, the individualcertificate request part 114 specifically requests reissuance of theindividual certificate package 117. Accordingly, thecenter server 40 sends the individual certificate reissue request to theCA 60, in the step S509. TheCA 60 judges whether or not the received identification ID is registered in the certificateissuance log list 61 shown inFIG. 7 , in response to the individual certificate reissue request. When the received identification ID is registered in the certificateissuance log list 61, theCA 60 generates theindividual certificate package 117 without making an inquiry with respect to theactivation server 50, and sends the generatedindividual certificate package 117 to thecenter server 40, in a step S511. InFIG. 10 , the identification ID for which theindividual certificate package 117 has once been issued will be regarded as being legitimate. Hence, theCA 60 does not need to make an inquiry with respect to theactivation server 50, and the process of issuing theindividual certificate package 117 is simplified. The process performed after the step S511, in the process performed in a step S512, is the same as the process performed inFIG. 9 . - As described above, according to the equipment
information monitoring system 1 of this first embodiment, it is possible to appropriately issue theindividual certificate package 117 by the link between theactivation server 50 and theCA 60. In other words, theactivation server 50 allocates a unique serial number with respect to the pair of product key and hardware information. On the other hand, theCA 60 inquires the legitimacy of the license based on the serial number, in response to the request to issue theindividual certificate package 117, and issues theindividual certificate package 117 only when the legitimacy of the license is confirmed. Therefore, it is possible to appropriately issue, with respect to thePC 10, theindividual certificate package 117 which is unique to thePC 10. As a result, it becomes possible to identify each of theindividual PCs 10, that is, each of the equipmentinformation notifying programs 11. - Next, a description will be given of a second embodiment. In describing this second embodiment, only those parts which differ from the first embodiment will be described.
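The first embodiment's issuing flow (steps S101 through S112) and the product key reissue of FIG. 9, modelled as an added Python example; it is not code from the patent. The base64 form of the identification ID, the `MODEL_ID` value, the hexadecimal key and serial formats and the placeholder certificate package are assumptions, and the license issuing source is folded into the activation server for brevity.

```python
import base64
import secrets

MODEL_ID = "EQ-NOTIFY"  # assumed value; the page only says every copy shares one model ID


def make_identification_id(model_id, serial):
    """S105: reversible conversion of model ID + serial (base64 is an assumed choice)."""
    return base64.urlsafe_b64encode(f"{model_id}:{serial}".encode()).decode()


def split_identification_id(identification_id):
    """S108: invert the conversion; raises ValueError on malformed input."""
    text = base64.urlsafe_b64decode(identification_id.encode()).decode()
    model_id, serial = text.split(":", 1)
    return model_id, serial


class ActivationServer:
    """Activation management table 51: one row per activated (product key, hardware) pair."""

    def __init__(self):
        self.license_numbers = {}  # product key -> number of PCs the license allows
        self.rows = []             # dicts with product_key, hardware, serial, invalid

    def issue_product_key(self, license_number=1):  # S101, merged into this class
        key = secrets.token_hex(8)
        self.license_numbers[key] = license_number
        return key

    def activate(self, product_key, hardware):  # S103 / S104
        if product_key not in self.license_numbers:
            return None  # unknown or invalidated product key
        mine = [r for r in self.rows if r["product_key"] == product_key]
        for row in mine:
            if row["hardware"] == hardware:
                return row["serial"]  # assumption: the same PC gets its existing serial
        if len(mine) >= self.license_numbers[product_key]:
            return None  # license number already used up by other hardware
        serial = secrets.token_hex(8)
        self.rows.append({"product_key": product_key, "hardware": hardware,
                          "serial": serial, "invalid": False})
        return serial

    def is_legitimate_serial(self, serial):  # S110
        # Ignoring rows whose invalid flag is ON is an assumption added here;
        # the page only requires the serial to be registered.
        return any(r["serial"] == serial and not r["invalid"] for r in self.rows)

    def transfer_permitted(self, product_key, hardware):  # inquiry before each transfer
        return any(r["product_key"] == product_key and r["hardware"] == hardware
                   and not r["invalid"] for r in self.rows)

    def reissue_product_key(self, old_key):  # S401 / S402
        if old_key not in self.license_numbers:
            return None
        for row in self.rows:
            if row["product_key"] == old_key:
                row["invalid"] = True  # turn the invalid flag ON
        new_key = secrets.token_hex(8)
        self.license_numbers[new_key] = self.license_numbers.pop(old_key)
        return new_key


class CertificateAuthority:
    """Issues a package only after the activation server vouches for the serial."""

    def __init__(self, activation_server):
        self.activation = activation_server
        self.issuance_log = []  # certificate issuance log list 61

    def issue(self, identification_id):  # S107 through S112
        try:
            model_id, serial = split_identification_id(identification_id)
        except ValueError:
            return None
        if model_id != MODEL_ID or not self.activation.is_legitimate_serial(serial):
            return None
        self.issuance_log.append(identification_id)
        # Placeholder for package 117; real key and certificate generation is out of scope.
        return {"subject": identification_id, "connect_to": "center-server.example"}


def run_scenario():
    """Constructed walk-through: one license, two PCs, one reissue."""
    activation = ActivationServer()
    ca = CertificateAuthority(activation)
    key = activation.issue_product_key(license_number=1)
    serial_a = activation.activate(key, "hw-A")
    id_a = make_identification_id(MODEL_ID, serial_a)
    result = {
        "second_pc_same_key": activation.activate(key, "hw-B"),
        "forged_serial": ca.issue(make_identification_id(MODEL_ID, "forged")),
        "package_a": ca.issue(id_a),
        "transfer_before_reissue": activation.transfer_permitted(key, "hw-A"),
    }
    new_key = activation.reissue_product_key(key)
    serial_b = activation.activate(new_key, "hw-B")
    result.update({
        "old_key_activation": activation.activate(key, "hw-A"),
        "transfer_after_reissue": activation.transfer_permitted(key, "hw-A"),
        "old_id_after_reissue": ca.issue(id_a),
        "new_serial_differs": serial_b is not None and serial_b != serial_a,
        "package_b": ca.issue(make_identification_id(MODEL_ID, serial_b)),
        "log_length": len(ca.issuance_log),
    })
    return result
```

The CA never sees the product key or hardware information; its only evidence of a valid license is the activation server's answer about the serial number.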
-
FIG. 11 is a diagram for explaining the individual certificate package issuing process in the second embodiment. - Steps S601 through S609 shown in
FIG. 11 are similar to the steps S101 through S111 shown inFIG. 4 . However, in the step S605, the individualcertificate request part 114 of thePC 10 sends the serial number and not the identification ID in response to the request to issue theindividual certificate package 117. In other words, the identification ID is not generated, and the serial number is notified to theCA 60 in the step S606. Consequently, theCA 60 does not need to extract the serial number from the identification ID. - Of course, the generation of the identification ID is also not essential in the first embodiment described above. In other words, the first embodiment may also request the issuance of the
individual certificate package 117 based on the serial number. - When the
activation server 50 confirms that the serial number is a serial number which has already been issued, theCA 60 generates theindividual certificate package 117 and records theindividual certificate package 117 in a Universal Serial Bus (USB) token 62 which is connected to a USB port (or USB connector) of theCA 60, in a step S610. - Accordingly, the
individual certificate package 117 can be distributed to the user site of theequipment 20 using theUSB token 62 as the medium. - When a setup of the
USB token 62 is made by connecting theUSB token 62 to a USB port of thePC 10 in a step S611, the individualcertificate request part 114 reads theindividual certificate package 117 from theUSB token 62 and stores theindividual certificate package 117 in theHDD 102, in a step S612. However, it is not essential to store theindividual certificate package 117 in theHDD 102, and theindividual certificate package 117 may continue to be stored in theUSB token 62. In this case, theUSB token 62 must be connected to thePC 10 during operation of theequipment monitoring system 1. - According to this second embodiment, it is also possible to securely issue the
individual certificate package 117. Of course, the medium used to distribute theindividual certificate package 117 is not limited to theUSB token 62. For example, any portable recording medium, such as a USB memory and a CD-ROM, may be used as the medium for distributing theindividual certificate package 117. - Next, a description will be given of a third embodiment. In this third embodiment, the functions of the
CA 60 and theactivation server 50 are installed in the portable recording medium (or portable information processing device) which is mounted with an IC chip that includes a CPU, a memory and the like. This third embodiment uses a USB token as an example of the information processing device, but it is of course possible to use other recording media which include a processor and a storage device. -
FIG. 12 is a diagram showing an example of a structure within a USB token in the third embodiment. AUSB token 80 shown inFIG. 12 is recorded with four programs and data. The four programs include anactivation program 81, an identificationID generating program 82, aCA program 83, and aresult reflecting program 84. The data include aproduct key 85, avalid license number 86, and a management table 87. - The
activation program 81 realizes the functions of theactivation server 50 in a simplified manner. The identificationID generating program 82 generates the identification ID. TheCA program 83 realizes the functions of theCA 60 in a simplified manner. Theresult reflecting program 84 reflects the contents of the processes executed by theactivation program 81 and theCA program 83 to theactivation server 50 and theCA 60. - The
product key 85 is a product key issued from the license issuing source. Thevalid license number 86 is the number of licenses set with respect to theproduct key 85. In other words,FIG. 12 shows a state after the product key is issued. In a case where the license number (that is, the number of licenses) is one or a fixed value which is determined in advance, it is not essential to record thevalid license number 86 in theUSB token 80. - The management table 87 manages the hardware information, the serial number, and the identification ID for each
individual certificate package 117 which has been issued. Hence, in an initial state where noindividual certificate package 117 has been issued using theUSB token 80, the management table 87 is empty. -
FIG. 13 is a diagram showing an example of a functional structure of the PC in the third embodiment. InFIG. 13 , those parts that are the same as those corresponding parts inFIG. 3 are designated by the same reference numerals, and a description thereof will be omitted. - As shown in
FIG. 13 , an equipmentinformation notifying program 11 a does not include anactivation request part 113 and an individualcertificate request part 114. Hence, the structure of the equipmentinformation notifying program 11 a is simplified according to this third embodiment. - Next, a description will be given of the processing procedure for this third embodiment.
FIG. 14 is a diagram for explaining the individual certificate package issuing process in the third embodiment. In FIG. 14, the activation program 81, the identification ID generating program 82 and the CA program 83 cause the IC chip of the USB token 80 to execute the respective processes thereof. - When the
USB token 80 is connected to the USB port of thePC 10, theactivation program 81 reads the hardware information from thePC 10, in a step S701. The hardware information may be read directly from thePC 10 or, input via the equipmentinformation notifying program 11 a. Theactivation program 81 executes an activation process based on theproduct key 85 and the hardware information, in a step S702. More particularly, theactivation program 81 confirms whether or not the number of records registered in the management table 87 has reached thevalid license number 86, and whether or not the hardware information acquired by thePC 10 is already registered in the management table 87. If the number of records has not reached thevalid license number 86 and the hardware information is not registered in the management table 87, theactivation program 81 generates a unique serial number with respect to the pair of the hardware information and theproduct key 85. Theactivation program 81 registers the hardware information and the serial number in the management table 87, and notifies the serial number to the identificationID generating program 82. - The identification
ID generating program 82 acquires a model ID from the equipmentinformation notifying program 11 a, and generates an identification ID based on the model ID and the serial number, in a step S703. The identificationID generating program 82 registers the generated identification ID in the management table 87 in correspondence with the serial number. The identificationID generating program 82 requests issuance of theindividual certificate package 117 with respect to theCA program 83 based on the identification ID, in a step S704. - The
CA program 83 generates a uniqueindividual certificate package 117 for each identification ID, and registers theindividual certificate package 117 in the management table 87 in correspondence with the identification ID, in a step S705. - The following process is executed in response to the issuance of the
individual certificate package 117.FIG. 15 is a diagram for explaining a processing result reflecting process for a USB token. - In
FIG. 15 , theresult reflecting program 84 sends theproduct key 85, the hardware information newly registered in the management table 87, and the serial number, to theactivation server 50 via thePC 10, as the processing result of the simplified activation process, in a step S801. - The
activation server 50 registers the receivedproduct key 85, hardware information and serial number in the activation management table 51, in correspondence with each other, in a step S802. Hence, the result of the simplified activation process is reflected to theactivation server 50. - The
result reflecting program 84 sends the identification ID newly registered in the management table 87 to theCA 60 via thePC 10, in a step S803. TheCA 60 registers the received identification ID in the certificateissuance log list 61, in a step S804. Hence, the result of the simplified process of issuing theindividual certificate package 117 is reflected to theCA 60. - Identification information which enables the communication between the
activation server 50 and theCA 60, such as the IP address, the host name and the URL, may be recorded within theUSB token 80 or, may be read from an external source by reading the information stored in the equipmentinformation notifying program 11 a, for example. - The processes shown in
FIGS. 14 and 15 are executed by using the single USB token 80 within the user site of the equipment 20. Accordingly, it is possible to appropriately prevent a license violation, and to introduce the individual certificate package 117 which is unique to each PC 10. - The equipment
information transfer part 116 of thePC 10 uses theindividual certificate package 117 corresponding to the hardware information of thePC 10 by reading theindividual certificate package 117 from theUSB token 80 every time the equipment information is transferred. In other words, theindividual certificate package 117 is continuously stored in theUSB token 80. For this reason, it is necessary to connect theUSB token 80 to thePC 10 during operation of theequipment monitoring system 1. - If the
individual certificate package 117 can be stored securely within thePC 10, theindividual certificate package 117 may be imported from theUSB token 80 to the equipmentinformation notifying program 11 a, that is, to the storage device of thePC 10. In this case, it is unnecessary to connect theUSB token 80 to thePC 10 during operation of theequipment monitoring system 1. - In the case of a volume license having the
valid license number 86 which is two or greater for theproduct key 85, asingle USB token 80 may be used with respect to a plurality ofPCs 10 as a simplified individual certificate setting tool. - The process shown in
FIG. 15 may be executed asynchronously to the process shown inFIG. 14 . In other words, after the process shown inFIG. 14 is executed by using thesame USB token 80 with respect to a plurality ofPCs 10, theUSB token 80 may be connected to another PC, so as to execute the process shown inFIG. 15 simultaneously for a plurality of PCs. For example, a maintenance person may execute the process shown inFIG. 14 with respect to a number ofPCs 10 amounting to thevalid license number 86 at the user site of theequipment 20, and the maintenance person may execute the process shown inFIG. 15 after returning to the office of the maintenance service provider. In this case, theUSB token 80 must be distributed in advance to the user site. - According to the third embodiment, the program stored in the
USB token 80 can execute in a simplified manner the individual certificate issuing procedure which required the linking between theactivation server 50 and theCA 60. - Of course, a USB memory device or other portable recording media, not mounted with an IC chip, may be used in place of the
USB token 80. In this case, each program within the recording medium can be loaded to thememory device 103 or the like of thePC 10 to cause thePC 10 to execute the processing sequence of each program. - This application claims the benefit of a Japanese Patent Application No. 2008-107891 filed Apr. 17, 2008, in the Japanese Patent Office, the disclosure of which is hereby incorporated by reference.
- Further, the present invention is not limited to these embodiments, but various variations and modifications may be made without departing from the scope of the present invention.
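The token behaviour described above, sketched as an added example that is not code from the patent: a volume-license token registers PCs on site up to the valid license number, issues the individual certificate packages later in one batch, and each PC then finds only the package matching its own hardware information. `TokenModel`, `fingerprint` and `demo_issuer` are hypothetical names, the split of work between FIG. 14 and FIG. 15 is an assumption, and the HMAC tag is a stand-in for real certificate issuance by the activation server and the CA.

```python
import hashlib
import hmac

class LicenseExceeded(Exception):
    """Raised when more PCs are registered than the valid license number allows."""

def fingerprint(hardware_info: dict) -> str:
    # Canonicalize the hardware information so the same PC always maps to the same key.
    canon = "|".join(f"{k}={hardware_info[k]}" for k in sorted(hardware_info))
    return hashlib.sha256(canon.encode()).hexdigest()

class TokenModel:
    """Constructed stand-in for the USB token: product key, license count, packages."""
    def __init__(self, product_key: str, valid_license_number: int):
        self.product_key = product_key
        self.valid_license_number = valid_license_number
        self.pending = []    # fingerprints collected on site, not yet issued
        self.packages = {}   # fingerprint -> individual certificate package

    def register_pc(self, hardware_info: dict) -> str:
        # Assumed on-site step: record one PC against the license count.
        fp = fingerprint(hardware_info)
        if fp in self.pending or fp in self.packages:
            return fp        # re-running on the same PC consumes no extra license
        if len(self.pending) + len(self.packages) >= self.valid_license_number:
            raise LicenseExceeded(fp)
        self.pending.append(fp)
        return fp

    def issue_pending(self, issuer) -> int:
        # Assumed batch step that can run later, away from the registered PCs.
        count = len(self.pending)
        for fp in self.pending:
            self.packages[fp] = issuer(self.product_key, fp)
        self.pending.clear()
        return count

    def package_for(self, hardware_info: dict):
        # Lookup done on every transfer: only a PC with matching hardware gets a package.
        return self.packages.get(fingerprint(hardware_info))

def demo_issuer(product_key: str, fp: str) -> dict:
    # Placeholder for the activation server and CA: a keyed tag, not a real certificate.
    tag = hmac.new(b"constructed-ca-secret", f"{product_key}:{fp}".encode(), hashlib.sha256)
    return {"subject": fp, "tag": tag.hexdigest()}
```

Because the lookup is keyed on the hardware fingerprint, a token carried to an unregistered PC returns nothing, which is the property that keeps one token from serving more PCs than the license covers.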
Claims (12)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2008-107891 | 2008-04-17 | ||
JP2008107891A JP5084592B2 (en) | 2008-04-17 | 2008-04-17 | Information processing device, electronic certificate issuing method, and program |
Publications (2)
Publication Number | Publication Date |
---|---|
US20090265546A1 | 2009-10-22 |
US8245286B2 | 2012-08-14 |
Family
ID=41202099
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/423,057 Expired - Fee Related US8245286B2 (en) | 2008-04-17 | 2009-04-14 | Information processing device, electronic certificate issuing method, and computer-readable storage medium |
Country Status (2)
Country | Link |
---|---|
US (1) | US8245286B2 (en) |
JP (1) | JP5084592B2 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100235640A1 (en) * | 2009-03-16 | 2010-09-16 | Jun Satoh | Information processing apparatus, method of mutual authentication, mutual authentication program, and storage medium |
CN103634324A (en) * | 2013-12-09 | 2014-03-12 | 飞天诚信科技股份有限公司 | Method for monitoring certificates in real time |
CN104571003A (en) * | 2013-10-29 | 2015-04-29 | 株式会社安川电机 | Industrial equipment management system, industrial equipment management server, industrial equipment management method, program, and information storage medium |
EP2874087A1 (en) * | 2013-11-13 | 2015-05-20 | Fenwal, Inc. | Digital certificate with software enabling indicator |
CN106203054A (en) * | 2015-05-28 | 2016-12-07 | 株式会社理光 | Information processing system, information processor and digital certificates management method |
CN108154023A (en) * | 2016-11-24 | 2018-06-12 | 京瓷办公信息***株式会社 | Information processing system and information processing method |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102015209714A1 (en) * | 2015-05-27 | 2016-12-01 | Siemens Aktiengesellschaft | Apparatus and method for adjusting usage of a device |
JP6828241B2 (en) * | 2016-01-15 | 2021-02-10 | 富士通株式会社 | Activation method, activation program and information processing equipment |
WO2018134937A1 (en) * | 2017-01-19 | 2018-07-26 | 株式会社セゾン情報システムズ | IoT DATA COLLECTION SYSTEM, IoT DATA COLLECTION METHOD, MANAGEMENT DEVICE, MANAGEMENT PROGRAM, AGENT DEVICE, AND AGENT PROGRAM |
CN108199838B (en) * | 2018-01-31 | 2020-05-05 | 北京深思数盾科技股份有限公司 | Data protection method and device |
US11281780B2 (en) * | 2018-02-07 | 2022-03-22 | Medicapture, Inc. | System and method for authorizing and unlocking functionality embedded in a system |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080313264A1 (en) * | 2007-06-12 | 2008-12-18 | Microsoft Corporation | Domain management for digital media |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000305776A (en) * | 1999-04-21 | 2000-11-02 | Mitsubishi Electric Systemware Corp | Software use authorization check system and computer readable storage medium for storing program |
JP2002268764A (en) * | 2001-03-14 | 2002-09-20 | Dainippon Printing Co Ltd | Software license management system with ic card |
JP4526809B2 (en) | 2003-03-31 | 2010-08-18 | 株式会社リコー | Communication device manufacturing method and system |
JP4454280B2 (en) * | 2003-10-14 | 2010-04-21 | 新光電気工業株式会社 | License authentication method and license authentication system |
JP2007041736A (en) * | 2005-08-01 | 2007-02-15 | Konica Minolta Business Technologies Inc | License management system, license management device, and information processor |
JP4419977B2 (en) * | 2006-03-31 | 2010-02-24 | ブラザー工業株式会社 | Program creation device and program |
- 2008-04-17: JP application JP2008107891A, patent JP5084592B2 (not active, Expired - Fee Related)
- 2009-04-14: US application US12/423,057, patent US8245286B2 (not active, Expired - Fee Related)
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100235640A1 (en) * | 2009-03-16 | 2010-09-16 | Jun Satoh | Information processing apparatus, method of mutual authentication, mutual authentication program, and storage medium |
US10037499B2 (en) * | 2013-10-29 | 2018-07-31 | Kabushiki Kaisha Yaskawa Denki | Industrial equipment management system, industrial equipment management server, industrial equipment management method, and information storage medium |
CN104571003A (en) * | 2013-10-29 | 2015-04-29 | 株式会社安川电机 | Industrial equipment management system, industrial equipment management server, industrial equipment management method, program, and information storage medium |
US20150120008A1 (en) * | 2013-10-29 | 2015-04-30 | Kabushiki Kaisha Yaskawa Denki | Industrial equipment management system, industrial equipment management server, industrial equipment management method, and information storage medium |
US9985957B2 (en) | 2013-11-13 | 2018-05-29 | Fenwal, Inc. | Digital certificate with software enabling indicator |
EP2874087A1 (en) * | 2013-11-13 | 2015-05-20 | Fenwal, Inc. | Digital certificate with software enabling indicator |
US10587606B2 (en) | 2013-11-13 | 2020-03-10 | Fenwal, Inc. | Digital certificate with software enabling indicator |
US11228582B2 (en) | 2013-11-13 | 2022-01-18 | Fenwal, Inc. | Digital certificate with software enabling indication |
CN103634324A (en) * | 2013-12-09 | 2014-03-12 | 飞天诚信科技股份有限公司 | Method for monitoring certificates in real time |
CN106203054A (en) * | 2015-05-28 | 2016-12-07 | 株式会社理光 | Information processing system, information processor and digital certificates management method |
US10110596B2 (en) * | 2015-05-28 | 2018-10-23 | Ricoh Company, Ltd. | Information processing system, information processing apparatus, method for managing electronic certificate |
CN108154023A (en) * | 2016-11-24 | 2018-06-12 | 京瓷办公信息***株式会社 | Information processing system and information processing method |
CN108154023B (en) * | 2016-11-24 | 2021-08-06 | 京瓷办公信息***株式会社 | Information processing system and information processing method |
Also Published As
Publication number | Publication date |
---|---|
JP5084592B2 (en) | 2012-11-28 |
JP2009259033A (en) | 2009-11-05 |
US8245286B2 (en) | 2012-08-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: RICOH COMPANY, LTD., JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:NASU, MASAMI;SATOH, JUN;REEL/FRAME:022540/0740 Effective date: 20090409 |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
 | FEPP | Fee payment procedure | Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | FPAY | Fee payment | Year of fee payment: 4 |
 | FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
 | FP | Lapsed due to failure to pay maintenance fee | Effective date: 20200814 |